K8s 使用 CephFS 作为后端存储（静态供给、动态供给）

本文主要是介绍K8s 使用 CephFS 作为后端存储（静态供给、动态供给），希望对大家解决编程问题提供一定的参考价值，需要的开发者们随着小编来一起学习吧！

一、K8s 使用 CephFS

CephFS是 Ceph 中基于RADOS（可扩展分布式对象存储）构建，通过将文件数据划分为对象并分布到集群中的多个存储节点上来实现高可用性和可扩展性。

首先所有 k8s 节点都需要安装 ceph-common 工具：

yum -y install epel-release ceph-common

二、静态供给方式

静态供给方式需要提前创建好 CephFS 给到 K8s 使用。

2.1 在 Ceph 中创建 FS 和 授权用户

创建存储池：

# 数据存储池
ceph osd pool create cephfs_data_pool 16# 元数据存储池
ceph osd pool create ceph_metadata_pool 8

创建 FS ：

ceph fs new k8s-cephfs cephfs_data_pool ceph_metadata_pool

创建用户 fs-user 并授权存储池 cephfs_data_pool

查看 admin 用户秘钥：

ceph auth get-key client.admin

2.2 在 k8s 中创建 secret

export ADMIN_USER_SECRET='AQDdUB9mcTI3LRAAOBpt3e7AH5v9fiMtHKQpqA=='kubectl create secret generic ceph-admin-default-secret --type="kubernetes.io/rbd" \
--from-literal=key=$ADMIN_USER_SECRET \
--namespace=default

2.3 pod 直接使用 CephFS 存储

vi cephfs-test-pod.yml

apiVersion: v1
kind: Pod
metadata:name: cephfs-test-pod
spec:containers:- name: nginximage: nginximagePullPolicy: IfNotPresentvolumeMounts:- name: data-volumemountPath: /usr/share/nginx/html/volumes:- name: data-volumecephfs:monitors: ["11.0.1.140:6789"]path: /user: adminsecretRef:name: ceph-admin-default-secret

kubectl apply -f cephfs-test-pod.yml

查看 pod ：

kubectl get pods

可以进到 pod 中查看分区情况：

kubectl exec -it cephfs-test-pod -- /bin/bashdf -hl

2.4 创建 PV 使用 CephFS 存储

vi cephfs-test-pv.yml

apiVersion: v1
kind: PersistentVolume
metadata:name: cephfs-test-pv
spec:accessModes: ["ReadWriteOnce"]capacity:storage: 2GipersistentVolumeReclaimPolicy: Retaincephfs:monitors: ["11.0.1.140:6789"]path: /user: adminsecretRef:name: ceph-admin-default-secret

kubectl apply -f cephfs-test-pv.yml

创建 PVC 绑定 PV ：

vi cephfs-test-pvc.yml

apiVersion: v1
kind: PersistentVolumeClaim
metadata:name: cephfs-test-pvc
spec:accessModes: ["ReadWriteOnce"]resources:requests:storage: 2Gi

kubectl apply -f cephfs-test-pvc.yml

查看 pvc 和 pv ：

kubectl get pvckubectl get pv

测试 pod 挂载 pvc：

vi cephfs-test-pod1.yml

apiVersion: v1
kind: Pod
metadata:name: cephfs-test-pod1
spec:containers:- name: nginximage: nginximagePullPolicy: IfNotPresentvolumeMounts:- name: data-volumemountPath: /usr/share/nginx/html/volumes:- name: data-volumepersistentVolumeClaim:claimName: cephfs-test-pvcreadOnly: false

kubectl apply -f cephfs-test-pod1.yml

查看 pod ：

kubectl get pods

三、动态供给方式

由于官方没有提供cephfs动态卷支持，这里使用社区提供的cephfs-provisioner 插件实现动态供给：

vi external-storage-cephfs-provisioner.yml

apiVersion: v1
kind: ServiceAccount
metadata:name: cephfs-provisionernamespace: kube-system
---
kind: ClusterRole
apiVersion: rbac.authorization.k8s.io/v1
metadata:name: cephfs-provisioner
rules:- apiGroups: [""]resources: ["persistentvolumes"]verbs: ["get", "list", "watch", "create", "delete"]- apiGroups: [""]resources: ["persistentvolumeclaims"]verbs: ["get", "list", "watch", "update"]- apiGroups: ["storage.k8s.io"]resources: ["storageclasses"]verbs: ["get", "list", "watch"]- apiGroups: [""]resources: ["events"]verbs: ["create", "update", "patch"]- apiGroups: [""]resources: ["endpoints"]verbs: ["get", "list", "watch", "create", "update", "patch"]- apiGroups: [""]resources: ["secrets"]verbs: ["create", "get", "delete"]
---
kind: ClusterRoleBinding
apiVersion: rbac.authorization.k8s.io/v1
metadata:name: cephfs-provisioner
subjects:- kind: ServiceAccountname: cephfs-provisionernamespace: kube-system
roleRef:kind: ClusterRolename: cephfs-provisionerapiGroup: rbac.authorization.k8s.io---
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:name: cephfs-provisionernamespace: kube-system
rules:- apiGroups: [""]resources: ["secrets"]verbs: ["create", "get", "delete"]
---
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:name: cephfs-provisionernamespace: kube-system
roleRef:apiGroup: rbac.authorization.k8s.iokind: Rolename: cephfs-provisioner
subjects:
- kind: ServiceAccountname: cephfs-provisionernamespace: kube-system---
apiVersion: apps/v1
kind: Deployment
metadata:name: cephfs-provisionernamespace: kube-system
spec:selector:matchLabels:app: cephfs-provisionerreplicas: 1strategy:type: Recreatetemplate:metadata:labels:app: cephfs-provisionerspec:containers:- name: cephfs-provisionerimage: "registry.cn-chengdu.aliyuncs.com/ives/cephfs-provisioner:latest"env:- name: PROVISIONER_NAMEvalue: ceph.com/cephfscommand:- "/usr/local/bin/cephfs-provisioner"args:- "-id=cephfs-provisioner-1"serviceAccount: cephfs-provisioner

kubectl apply -f external-storage-cephfs-provisioner.yml

查看 pod：

kubectl get pods -n kube-system

3.1 创建 StorageClass

vi cephfs-sc.yml

kind: StorageClass
apiVersion: storage.k8s.io/v1
metadata:name: dynamic-cephfs
provisioner: ceph.com/cephfs
parameters:monitors: 11.0.1.140:6789adminId: adminadminSecretName: ceph-admin-default-secretadminSecretNamespace: defaultclaimRoot: /volumes/kubernetes

kubectl apply -f cephfs-sc.yml

查看 SC：

kubectl get sc

3.4 测试创建 PVC

vi cephfs-pvc1.yml

kind: PersistentVolumeClaim
apiVersion: v1
metadata:name: cephfs-pvc1
spec:accessModes:     - ReadWriteOncestorageClassName: dynamic-cephfsresources:requests:storage: 2Gi

kubectl apply -f cephfs-pvc1.yml

查看 pvc：

kubectl get pvc

创建 pod 使用上面 pvc ：

vi cephfs-test-pod2.yml

apiVersion: v1
kind: Pod
metadata:name: cephfs-test-pod2
spec:containers:- name: nginximage: nginximagePullPolicy: IfNotPresentvolumeMounts:- name: data-volumemountPath: /usr/share/nginx/html/volumes:- name: data-volumepersistentVolumeClaim:claimName: cephfs-pvc1readOnly: false

kubectl apply -f cephfs-test-pod2.yml

查看 pod ：

kubectl get pods

3.5 测试使用 volumeClaimTemplates 动态创建 pv 和 pvc

vi mysql.yml

# headless service 
apiVersion: v1
kind: Service
metadata:name: mysql-hlnamespace: mysqllabels:app: mysql-hl
spec:clusterIP: Noneports:- name: mysql-portport: 3306selector:app: mysql---
# NodePort service 
apiVersion: v1
kind: Service
metadata:name: mysql-npnamespace: mysqllabels:app: mysql-np
spec:clusterIP: ports:- name: master-portport: 3306nodePort: 31306targetPort: 3306selector:app: mysqltype: NodePorttarget-port:externalTrafficPolicy: Cluster ---
apiVersion: apps/v1
kind: StatefulSet
metadata:name: mysql
spec:serviceName: "mysql-hl"replicas: 1selector: matchLabels: app: mysqltemplate:metadata:labels:app: mysqlspec:containers:- name: mysqlimage: mysql:8.0.20ports:- containerPort: 3306name: master-portenv:- name: MYSQL_ROOT_PASSWORDvalue: "root"- name: TZvalue: "Asia/Shanghai"volumeMounts:                           - name: mysql-datamountPath: /var/lib/mysql volumeClaimTemplates:- metadata:name: mysql-dataspec:accessModes: ["ReadWriteOnce"]storageClassName: dynamic-cephfsresources:requests:storage: 2Gi

kubectl apply -f mysql.yml

查看 pod ：

查看 pvc ：

查看 pv：

这篇关于K8s 使用 CephFS 作为后端存储（静态供给、动态供给）的文章就介绍到这儿，希望我们推荐的文章对编程师们有所帮助！

---